Move RHV4 product to be el8 based

docs/manual/user_guide.adoc

@@ -274,6 +274,14 @@ Ansible, it is advisable to use the playbooks from https://github.com/RedHatOffi
 
 IMPORTANT: The minimum version of Ansible must be at the latest supported version. See https://access.redhat.com/support/policy/updates/ansible-engine for information on the supported Ansible versions.
 
+## Content Notes
+
+### Note on content for Red Hat Virtualization 4
+
+As RHV moves to be based on el8, the contents of `rhv4` will also move to be based on el8.
+
+If you need content for RHV based on el7, use the Red Hat Enterprise Linux 7 (`rhel7`) content.
+
 ## Deprecated Content
 
 .Deprecated or Removed Content

linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
 
 title: 'Uninstall bind Package'
 

linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/ansible/shared.yml

@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Oracle Linux 7,multi_platform_rhv
+# platform = Red Hat Enterprise Linux 7,Oracle Linux 7
 # reboot = false
 # strategy = restrict
 # complexity = low

linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/bash/shared.sh

@@ -1,4 +1,4 @@
-# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Oracle Linux 7,multi_platform_rhv
+# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Oracle Linux 7
 
 # Include source function library.
 . /usr/share/scap-security-guide/remediation_functions

linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/oval/shared.xml

@@ -6,7 +6,6 @@
         <platform>multi_platform_wrlinux</platform>
         <platform>Red Hat Enterprise Linux 6</platform>
         <platform>Red Hat Enterprise Linux 7</platform>
-        <platform>multi_platform_rhv</platform>
         <platform>Oracle Linux 7</platform>
       </affected>
       <description>Limit the ciphers to those which are FIPS-approved.</description>

linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,rhel6,rhel7,rhel8,rhv4,wrlinux1019,wrlinux8
+prodtype: ol7,rhel6,rhel7,rhel8,wrlinux1019,wrlinux8
 
 title: 'Use Only FIPS 140-2 Validated Ciphers'
 

linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/ansible/shared.yml

@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Oracle Linux 7,multi_platform_rhv
+# platform = Red Hat Enterprise Linux 7,Oracle Linux 7
 # reboot = false
 # strategy = restrict
 # complexity = low

linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/bash/shared.sh

@@ -1,4 +1,4 @@
-# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Oracle Linux 7,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Oracle Linux 7,multi_platform_sle
 
 # Include source function library.
 . /usr/share/scap-security-guide/remediation_functions

linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/oval/shared.xml

@@ -6,7 +6,6 @@
         <platform>multi_platform_wrlinux</platform>
         <platform>Red Hat Enterprise Linux 6</platform>
         <platform>Red Hat Enterprise Linux 7</platform>
-        <platform>multi_platform_rhv</platform>
         <platform>multi_platform_sle12</platform>
         <platform>Oracle Linux 7</platform>
       </affected>

linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,rhel6,rhel7,rhel8,rhv4,sle12,wrlinux1019
+prodtype: ol7,rhel6,rhel7,rhel8,sle12,wrlinux1019
 
 title: 'Use Only FIPS 140-2 Validated MACs'
 

linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_screen_installed/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel6,rhel7,rhv4,wrlinux1019
+prodtype: fedora,rhel6,rhel7,wrlinux1019
 
 title: 'Install the screen Package'
 

linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel8
+prodtype: fedora,ol8,rhel8,rhv4
 
 title: 'Install the tmux Package'
 

linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/ansible/shared.yml

@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,multi_platform_fedora,multi_platform_rhv,Oracle Linux 7
+# platform = Red Hat Enterprise Linux 7,multi_platform_fedora,Oracle Linux 7
 # reboot = false
 # strategy = configure
 # complexity = low

linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/bash/shared.sh

@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,multi_platform_fedora,multi_platform_rhv,Oracle Linux 7
+# platform = Red Hat Enterprise Linux 7,multi_platform_fedora,Oracle Linux 7
 # reboot = false
 # strategy = configure
 # complexity = low

linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/oval/shared.xml

@@ -5,7 +5,6 @@
       <affected family="unix">
         <platform>Red Hat Enterprise Linux 7</platform>
         <platform>multi_platform_fedora</platform>
-        <platform>multi_platform_rhv</platform>
         <platform>Oracle Linux 7</platform>
       </affected>
       <description>The NSS DB should be set to use opensc library.</description>

linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,rhel7,rhv4
+prodtype: fedora,ol7,rhel7
 
 title: 'Configure NSS DB To Use opensc'
 

linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh

@@ -2,7 +2,7 @@
 . /usr/share/scap-security-guide/remediation_functions
 populate var_audispd_remote_server
 
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
 AUDITCONFIG=/etc/audit/audisp-remote.conf
 {{% else %}}
 AUDITCONFIG=/etc/audisp/audisp-remote.conf

linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/oval/shared.xml

@@ -5,7 +5,7 @@
       <affected family="unix">
         <platform>multi_platform_all</platform>
       </affected>
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
       <description>remote_server setting in /etc/audit/audisp-remote.conf is set to a certain IP address or hostname</description>
 {{% else %}}
       <description>remote_server setting in /etc/audisp/audisp-remote.conf is set to a certain IP address or hostname</description>
@@ -22,7 +22,7 @@
   </ind:textfilecontent54_test>
 
   <ind:textfilecontent54_object id="object_auditd_audispd_configure_remote_server" version="1">
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
     <ind:filepath>/etc/audit/audisp-remote.conf</ind:filepath>
 {{% else %}}
     <ind:filepath>/etc/audisp/audisp-remote.conf</ind:filepath>

linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml

@@ -8,7 +8,7 @@ description: |-
     Configure the audispd plugin to off-load audit records onto a different
     system or media from the system being audited.
     Set the <tt>remote_server</tt> option in <pre>
-{{%- if product in ["rhel8", "fedora", "ol8"] -%}}
+{{%- if product in ["rhel8", "fedora", "ol8", "rhv4"] -%}}
     /etc/audit/audisp-remote.conf
 {{%- else -%}}
     /etc/audisp/audisp-remote.conf
@@ -41,7 +41,7 @@ ocil_clause: 'audispd is not sending logs to a remote system'
 ocil: |-
     To verify the audispd plugin off-loads audit records onto a different system or
     media from the system being audited, run the following command:
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
     <pre>$ sudo grep -i remote_server /etc/audit/audisp-remote.conf</pre>
 {{% else %}}
     <pre>$ sudo grep -i remote_server /etc/audisp/audisp-remote.conf</pre>

linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh

@@ -1,7 +1,7 @@
 # platform = multi_platform_wrlinux,multi_platform_all
 . /usr/share/scap-security-guide/remediation_functions
 
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
 AUDISP_REMOTE_CONFIG="/etc/audit/audisp-remote.conf"
 option="^transport"
 value="KRB5"

linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml

@@ -5,7 +5,7 @@
       <affected family="unix">
         <platform>multi_platform_all</platform>
       </affected>
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
       <description>transport setting in /etc/audit/audisp-remote.conf is set to 'KRB5'</description>
 {{% else %}}
       <description>enable_krb5 setting in /etc/audisp/audisp-remote.conf is set to 'yes'</description>
@@ -23,14 +23,14 @@
   </ind:textfilecontent54_test>
 
   <ind:textfilecontent54_object id="object_auditd_audispd_encrypt_sent_records" version="1">
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
     <ind:filepath>/etc/audit/audisp-remote.conf</ind:filepath>
 {{% else %}}
     <ind:filepath>/etc/audisp/audisp-remote.conf</ind:filepath>
 {{% endif %}}
     <!-- Allow only space (exactly) as delimiter -->
     <!-- Require at least one space before and after the equal sign -->
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
     <ind:pattern operation="pattern match">^[ ]*transport[ ]+=[ ]+KRB5[ ]*$</ind:pattern>
 {{% else %}}
     <ind:pattern operation="pattern match">^[ ]*enable_krb5[ ]+=[ ]+yes[ ]*$</ind:pattern>

linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml

@@ -7,7 +7,7 @@ title: 'Encrypt Audit Records Sent With audispd Plugin'
 description: |-
     Configure the operating system to encrypt the transfer of off-loaded audit
     records onto a different system or media from the system being audited.
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
     Set the <tt>transport</tt> option in <pre>/etc/audit/audisp-remote.conf</pre>
     to <tt>KRB5</tt>.
 {{% else %}}
@@ -39,7 +39,7 @@ ocil_clause: 'audispd is not encrypting audit records when sent over the network
 ocil: |-
     To verify the audispd plugin encrypts audit records off-loaded onto a different
     system or media from the system being audited, run the following command:
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
     <pre>$ sudo grep -i transport /etc/audit/audisp-remote.conf</pre>
     The output should return the following:
     <pre>transport = KRB5</pre>

linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/ansible/shared.yml

@@ -6,7 +6,7 @@
 
 - name: enable syslog plugin
   lineinfile:
-    {{% if product in ["rhel8", "fedora", "ol8"] -%}}
+    {{% if product in ["rhel8", "fedora", "ol8", "rhv4"] -%}}
     dest: /etc/audit/plugins.d/syslog.conf
     {{%- else -%}}
     dest: /etc/audisp/plugins.d/syslog.conf

linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/bash/shared.sh

@@ -2,7 +2,7 @@
 . /usr/share/scap-security-guide/remediation_functions
 var_syslog_active="yes"
 
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
 AUDISP_SYSLOGCONFIG=/etc/audit/plugins.d/syslog.conf
 {{% else %}}
 AUDISP_SYSLOGCONFIG=/etc/audisp/plugins.d/syslog.conf

linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/oval/shared.xml

@@ -5,7 +5,7 @@
       <affected family="unix">
         <platform>multi_platform_all</platform>
       </affected>
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
       <description>active setting in /etc/audit/plugins.d/syslog.conf is set to 'yes'</description>
 {{% else %}}
       <description>active setting in /etc/audisp/plugins.d/syslog.conf is set to 'yes'</description>
@@ -23,7 +23,7 @@
   </ind:textfilecontent54_test>
 
   <ind:textfilecontent54_object id="object_auditd_audispd_syslog_plugin_activated" version="1">
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
     <ind:filepath>/etc/audit/plugins.d/syslog.conf</ind:filepath>
 {{% else %}}
     <ind:filepath>/etc/audisp/plugins.d/syslog.conf</ind:filepath>

linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml

@@ -6,7 +6,7 @@ description: |-
     To configure the <tt>auditd</tt> service to use the
     <tt>syslog</tt> plug-in of the <tt>audispd</tt> audit event multiplexor, set
     the <tt>active</tt> line in <tt>
-{{%- if product in ["rhel8", "fedora", "ol8"] -%}}
+{{%- if product in ["rhel8", "fedora", "ol8", "rhv4"] -%}}
     /etc/audit/plugins.d/syslog.conf
 {{%- else -%}}
     /etc/audisp/plugins.d/syslog.conf
@@ -51,7 +51,7 @@ ocil_clause: 'it is not activated'
 
 ocil: |-
     To verify the audispd's syslog plugin is active, run the following command:
-{{% if product in ["rhel8", "fedora"] %}}
+{{% if product in ["rhel8", "fedora", "rhv4"] %}}
     <pre>$ sudo grep active /etc/audit/plugins.d/syslog.conf</pre>
 {{% else %}}
     <pre>$ sudo grep active /etc/audisp/plugins.d/syslog.conf</pre>

linux_os/guide/system/auditing/grub2_audit_argument/rule.yml

@@ -8,7 +8,7 @@ description: |-
     To ensure all processes can be audited, even those which start
     prior to the audit daemon, add the argument <tt>audit=1</tt> to the default
     GRUB 2 command line for the Linux operating system in
-{{% if product in ["rhel7", "ol7", "rhv4"] %}}
+{{% if product in ["rhel7", "ol7"] %}}
     <tt>/etc/default/grub</tt>, so that the line looks similar to
     <pre>GRUB_CMDLINE_LINUX="... audit=1 ..."</pre>
     In case the <tt>GRUB_DISABLE_RECOVERY</tt> is set to true, then the parameter should be added to the <tt>GRUB_CMDLINE_LINUX_DEFAULT</tt> instead.
@@ -50,7 +50,7 @@ references:
 ocil_clause: 'auditing is not enabled at boot time'
 
 ocil: |-
-{{% if product in ["rhel7", "ol7", "rhv4"] %}}
+{{% if product in ["rhel7", "ol7"] %}}
     Inspect the form of default GRUB 2 command line for the Linux operating system
     in <tt>/etc/default/grub</tt>. If it includes <tt>audit=1</tt>, then auditing
     is enabled at boot time.

linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
 
 title: 'Install libreswan Package'
 

linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml

@@ -8,7 +8,7 @@ description: |-
     To disable IPv6 protocol support in the Linux kernel,
     add the argument <tt>ipv6.disable=1</tt> to the default
     GRUB2 command line for the Linux operating system in
-{{% if product in ["rhel7", "ol7", "rhv4"] %}}
+{{% if product in ["rhel7", "ol7"] %}}
     <tt>/etc/default/grub</tt>, so that the line looks similar to
     <pre>GRUB_CMDLINE_LINUX="... ipv6.disable=1 ..."</pre>
     In case the <tt>GRUB_DISABLE_RECOVERY</tt> is set to true, then the parameter should be added to the <tt>GRUB_CMDLINE_LINUX_DEFAULT</tt> instead.
@@ -39,7 +39,7 @@ references:
 ocil_clause: 'IPv6 is not disabled'
 
 ocil: |-
-    {{% if product in ["rhel7", "ol7", "rhv4"] %}}
+    {{% if product in ["rhel7", "ol7"] %}}
     Inspect the form of default GRUB2 command line for the Linux operating system
     in <tt>/etc/default/grub</tt>. Check if it includes <tt>ipv6.disable=1</tt>.
     First check if the GRUB recovery is enabled:

linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/bash/shared.sh

@@ -1,4 +1,4 @@
-# platform =  multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform =  multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
 
 function remediate_bind_crypto_policy() {
 	CONFIG_FILE="/etc/named.conf"

linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,ol8,rhel8,rhv4
 
 title: 'Configure BIND to use System Crypto Policy'
 

linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/ansible/shared.yml

@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
 # reboot = false
 # strategy = restrict
 # complexity = low

linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/bash/shared.sh

@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
 
 # include remediation functions library
 . /usr/share/scap-security-guide/remediation_functions

linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,ol8,rhel8,rhv4
 
 title: 'Configure System Cryptography Policy'
 

linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/ansible/shared.yml

@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
 # reboot = true
 # strategy = configure
 # complexity = low

linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/bash/shared.sh

@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
 # reboot = true
 # strategy = configure
 # complexity = low

linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,ol8,rhel8,rhv4
 
 title: 'Configure Kerberos to use System Crypto Policy'
 

linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/ansible/shared.yml

@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
 # reboot = false
 # strategy = restrict
 # complexity = low

linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/bash/shared.sh

@@ -1,4 +1,4 @@
-# platform =  multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform =  multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
 
 function remediate_libreswan_crypto_policy() {
     CONFIG_FILE="/etc/ipsec.conf"

linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,ol8,rhel8,rhv4
 
 title: 'Configure Libreswan to use System Crypto Policy'
 

linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml

@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
 # reboot = false
 # strategy = unknown
 # complexity = low